Login Signup
Verified Document

Security Breach Case Scenario 1: Security Breach Essay

Related Topics:
Security Private Security Security Management Information Security
Open Document Cite Document

Security Breach Case Scenario 1: Security Breach

Hospitals have the opportunity and responsibility to integrate sound policies and procedures in relation to the protection of the confidential client information (Rodwin, 2010). St. John's Hospital in no different to this notion has the organization seeks to enhance the security and confidentiality of the information of its clients. The organization is a role model to other institutions within the geographical area on the essential need to integrate valuable security issues with reference to patient data privacy and security. Currently, the organization faces critical security breaches as printouts in the restricted-access IS department are not shredded. It has come to the attention of the personnel who serve late into their routine that most cleaning staff read the printouts.

This is a reflection of invasion into private information of the patients thus affecting their confidentiality. It is essential for the organization to adopt and integrate an appropriate method of curbing these issues thus enhancing the security and confidentiality of the patients' information or data. This research exercise will focus on the most effective ways to respond to the problem, evaluation of quality training for the staff, and implementation of management plan for the organization in association with the development of the code of conduct.

How can you respond to these situations?

The security breach in this context requires an extensive response with the aim of enhancing confidentiality of the information or data pertaining to the consumers. One of the essential responses to the situation is provision of critical warning to the cleaning staff on invading confidential information or data of the patients. This is a spontaneous move to limit access of the data by the cleaning staff. The personnel should also raise this issues with the IS department on the need to shred printouts. Shredding of the printouts will limit accessibility of the patients' confidential information or data. This is a reflection of temporary purpose as the main objective of the organization should be adoption and implementation of Electronic Health Record (EHR). This will limit or eliminate accessibility of the patients' confidential information to the cleaners. Electronic Health Record will be essential in the realization of goals and objectives in enhancement confidentiality of the patients' information or data.

What training can you provide to your staff?

Electronic Health Record implementation plan requires critical training strategies in order to improve or maximize protection and security opportunities. Training of the staff is one of the greater investments in the achievement of electronic health record implementation. This aspect is essential in the realization of the full potential of the HER and employees with the aim of enhancing confidentiality of the patients' information or data. In the implementation of the electronic health record, it is essential to offer three critical training strategies to the staff. These include super user training, role-based training, and process-based training (Rothstein, 2007).

Super User Training

It is essential for the organization to maximize the opportunity of vendor training with the aim of creating group of 'super users'. Super users refer to health employees trained on the ability to move through the electronic health record quickly. These employees have the capacity to share quality hints and techniques to other users for the purposes of enhancing the security and confidentiality of the patients' information or data. The core group of the super users in relation to electronic health record will be effective in the provision of internal training to the clinicians and office staff. This is an essential component of an electronic health record (EHR) implementation plan. This is because of quality combination of the specialized EHR training and application of the EHR training within the organization to facilitate effective workflow and patient population interaction. Super users training is the foundation of adoption and implementation of the electronic health record.

Role-Based Training

It is also critical to focus on training the staff on their roles, expectations, and responsibilities while enhancing the security and confidentiality of the patients' data or information. This training should focus on how each group or staff members will adopt and integrate electronic health record in the execution of their duties within the organization. The training should focus on the role of the IT support staff, office staff, and clinical providers in relation to implementation of the electronic health record. The organization should consider tailoring the role-based training program to suit the needs of the staff groups within the health entity.

Process-Based Training

It is essential to note that integration of the electronic health record into the culture, practices, or hospital center will have great influence on the workflow. It is critical for the organization to train...

Practice-based training is vital and critical in enhancing the understanding of the employees in relation to the new cases of workflows. For instance, the staff members should understand how to implement the new plan into provision of clinical summaries in relation to the patients' information or data. Training should also focus on sharing information across the relevant departments. This will also limit accessibility of vital information on the concept of authority.
How can you implement your management plan?

In implementation of the electronic health record, it is essential to adhere to the following five steps or stages with the aim of achieving full potential of the strategy.

Step 1: Conduct a Risk Analysis

In the implementation of the management plan, the first aspect should focus on the execution of effective and efficient risk analysis. This entails reviewing current protected health information safeguards with the aim of evaluating vulnerabilities. It is also essential to implement HITECH's for grid reporting on the risk analysis. In this first step, it is also critical for the organization to evaluate firewalls and virus protection with the aim of enhancing integrity and availability of patients' information or data. This is an attempt to review security measures in order to provide secure e-communications for the organization in protecting confidentiality of the patients' data or information. The organization should also consider reviewing its responsibilities in relation to the HIPAA security rule. This is essential to ensure that the organization is in accordance with the legal and health requirements (Prehe, 2008).

Step 2: Establishment of Administrative Safeguards

The second step should focus on the integration and establishment of the administrative safeguards. This would entail assigning an internal security leader to enhance implementation of the plan to provide adequate opportunity for the achievement of full potential. During this stage, the organization should also focus on the development of data security policies, objectives, and procedures to guide implementation of the plan by the staff members. The organization should also consider development of an effective plan aiming to update electronic systems with the aim of curbing potential web threats. This is vital for the enhancement of security, integrity, and availability of the patients' data or information by the organization through its staff members.

Step 3: Building of Technical Safeguards

The third step of the management plan should focus on the creation and development of the technical safeguards. This is through determination of the role-based access and implementation of the audit trails. This is vital towards the promotion of integrity and accountability of the electronic system in enhancing security and confidentiality of the patients' data. The organization should also focus on audit applications to enhance transparency and accountability of the systems in handling confidential information of the patients. During this stage, the organization should also focus on testing and reviewing vulnerabilities in relation to the networking systems. This is essential to enhance transmission of information or data on a secure networking systems thus prevention of invasion into confidential patients' information or data. The review of vulnerabilities will provide an accurate opportunity for the organization to address any security breach through implementation of extensive and quality solution to the problem.

Step 4: Creation of Physical Safeguards

The fourth step of the management implementation plan should focus on the development or establishment of physical safeguards towards the achievement of full potential. During this stage, the organization should focus on the creation of policies and procedures with the aim of protecting inventory. The policies should also control access to the communication systems such as desktops, servers, and information systems in order to enhance secure e-communication. During this stage, the organization should also focus on the development of accurate process for handling lost or stolen laptops and handheld communication devices. This is essential in the determination of integrity of the information and communication within the organization. It is also critical for the organization to adopt and integrate system backup and data recovery processes, policies, and procedures. This should focus on three critical aspects: environmental, natural, and unauthorized intrusions. Under natural aspects, the organization should adopt and implement policies to address issues such as flood, tornado, and earthquake. Unauthorized issues such as hackers, and burglary should follow critical procedures for data recovery and backup strategies. It is also essential to implement contingency plans in relation to diverse situations affecting the patients' data or information (Barakat, 2001).

Step 5: Determination of Online Backup Measures

The organization should focus on the determination of…

Continue Reading...
Sources used in this document:
References

Rodwin, M.A. (2010). Patient Data: Property, Privacy & the Public Interest. American Journal

Of Law & Medicine, 36(4), 586-618.

Prehe, J. (2008). Exploring the Information Management Side of RIM. Information Management

Journal, 42(3), 62-67.
Cite this Document:
Copy Bibliography Citation

Related Documents

Essay
Security Privacy in Health Care, the Protection
Words: 2180 Length: 7 Document Type: Essay

Security Privacy In health care, the protection of confidential patient information is an important key in to addressing critical issues and safeguarding the privacy of the individual. To provide more guidance are federal guidelines such as: the Health Care Insurance Affordability and Accountability Act (HIPPA). On the surface, all facilities are supposed to have procedures in place for discarding these kinds of materials. ("Summary of HIPPA Privacy Rule," 2102) In the case

Read More
Essay
Security Policy of a Dental
Words: 1254 Length: 3 Document Type: Term Paper

SECURITY and PRIVACY - the following security and privacy requirements apply: The Office does not accept responsibility for the privacy, confidentiality or security of data or information not generated by this office or transmitted from external sources into the system. The Office does not accept responsibility for loss, corruption, misdirection or delays in transmission of personal data through the system. Users are responsible for the integrity of all data and

Read More
Essay
Security - Agip Kazakhstan North
Words: 14948 Length: 35 Document Type: Term Paper

They need to know what their responsibilities are not only as individuals but also as team members and corporate employees. David cites an excerpt from a corporate security document that illustrates his point: "A security policy serves many functions. It is a central document that describes in detail acceptable network activity and penalties for misuse. A security policy also provides a forum for identifying and clarifying security goals and

Read More
Essay
3408 Term 1 Coursework 2012-13 Law 3408
Words: 2288 Length: 8 Document Type: Essay

3408 Term 1 Coursework 2012-13 Law 3408 course work Victoria's Case Employers engage workers on either contracts of service or contracts for services. Therefore, any person engaged under a contract of service qualifies as an employee and enjoys full protection as per the employment legislation. In addition, a self-employed individual must possess a contract for services with the party for whom one offers their services. It is important for people to acknowledge

Read More
Essay
Cloud Computing and Data Security
Words: 5196 Length: 18 Document Type: Term Paper

It's a tidal wave that's going to engulf us all within the next five years. Cloud services will be a $160 billion industry by the end of 2011" (Ginovsky 2011, 21). Although the decision to transition from a traditional approach to cloud computing will depend on each organization's unique circumstances, a number of general benefits have been cited for those companies that have made the partial or complete transition to

Read More
Essay
Personal Health Information Security
Words: 1247 Length: 6 Document Type: Essay

Case Study: Information Security Issue Macro-view of the Problem The hospital faces a problem of end-user security: sensitive data is vulnerable to exposure in the workplace as the end-user methods of using computers in the hospital are ineffective to safeguard the data from theft. Personal health records are important for patients, but if privacy of data cannot be guaranteed, these records are more of a risk to personal privacy than a benefit

Read More

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now